
SSL in pictures

Here is my summary on SSL (or as I like to call it 'SSL for dummies')

Basic idea of SSL (Secure Socket Layer)

SSL provides a secure connection over the net. It lets two parties communicate with the basic security requirements met: secure authentication of both sides (who I am and who you are) and encryption (hiding what I say).

TLS (Transport Layer Security) is a security protocol from the IETF that is based on the Secure Sockets Layer (SSL) 3.0 protocol developed by Netscape.

Client Authentication 

Without SSL, the client is authenticated by username and password. With SSL, the server can authenticate the client with a digital certificate and signature to make sure the client is really who it claims to be.

Without SSL:

With SSL:

Encryption of the information

The user information that is sent both ways is encrypted so that it cannot be read by a third party. To make this possible, there is a "handshake" of secrets between server and client.

In the "handshake" public/private keys are used between server and client to decide on a secret number that will be later used by symmetric encryption to encrypt user data (link):

Here is a high-level diagram of the connection setup:

Note that the user information is encrypted using a symmetric key that was decided by both sides. The negotiation of that key, however, was protected using public/private keys, which are very hard to break. Every few minutes, the secret is changed to make it harder to break.
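An added example, not part of the original post: a toy version of the handshake described above, in the style of the classic RSA key exchange, where the client encrypts a random "pre-master secret" with the server's public key and only the server's private key can recover it. The key size, the derivation label and the XOR cipher are assumptions chosen for illustration; real SSL/TLS uses full-size keys, its own key-derivation function and real ciphers.

```python
import hashlib
import hmac
import secrets

# Toy server RSA key built from two Mersenne primes (constructed, illustration only).
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q                                   # public modulus, sent in the certificate
D = pow(E, -1, (P - 1) * (Q - 1))           # private exponent, never leaves the server

def client_wrap(pre_master: bytes) -> int:
    """Client: encrypt the pre-master secret with the server's PUBLIC key (N, E)."""
    return pow(int.from_bytes(pre_master, "big"), E, N)

def server_unwrap(wrapped: int) -> bytes:
    """Server: recover it with the matching PRIVATE exponent D."""
    return pow(wrapped, D, N).to_bytes(16, "big")

def session_key(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Both sides derive the same symmetric key from the same three inputs."""
    label = b"session key" + client_random + server_random  # hypothetical label
    return hmac.new(pre_master, label, hashlib.sha256).digest()

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with an HMAC-SHA256 counter keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def handshake_demo(message: bytes):
    # The two random values travel in the clear; they are not secret.
    client_random, server_random = secrets.token_bytes(16), secrets.token_bytes(16)
    pre_master = secrets.token_bytes(16)         # chosen by the client
    wrapped = client_wrap(pre_master)            # the only form that crosses the wire
    server_key = session_key(server_unwrap(wrapped), client_random, server_random)
    client_key = session_key(pre_master, client_random, server_random)
    ciphertext = xor_stream(client_key, message) # user data, client -> server
    return client_key == server_key, ciphertext, xor_stream(server_key, ciphertext)

if __name__ == "__main__":
    same_key, ct, pt = handshake_demo(b"user=alice&pin=1234")  # constructed sample data
    print(same_key, ct.hex(), pt)
```

The public and private keys are two different numbers tied together mathematically, which is why data encrypted with one can be decrypted only with the other; the symmetric session key, by contrast, is the same on both sides.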

Here is a more detailed diagram:

SSL two way authentication

In two-way SSL authentication, the SSL client application verifies the identity of the SSL server application, and then the SSL server application verifies the identity of the SSL-client application.

Two-way SSL authentication is also referred to as client authentication because the application acting as an SSL client presents its certificate to the SSL server after the SSL server authenticates itself to the SSL client: (link)

SSL one way authentication

In this mode, the SSL client application is not verified by the SSL server application. Only the server is verified:


Very helpful article! I was always curious about all these complex algorithms that are being used in these SSL encryptions.
Anonymous said…
Anonymous said…
Nicely detailed! Thanks!
Anonymous said…
Nice explanation. Thanks. Almost understood everything except one thing. What is the "pre-master secret" and how are the public and private keys used? How can the server decrypt the replies from the client with its private key, if these have been encrypted with a different key (its public key)? I'm not an encryption specialist, but I would have thought that you have to use the same key to en- and decrypt.
Ziv said…
Sorry for the late reply....

It has been years since I worked in this area :-(
I don't remember this area well enough to help you.
